Re: To WEP or not to WEP (WiFi)

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDonn Shumway at <-
MG Gambill at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
To: plug-discuss
Subject: Re: To WEP or not to WEP (WiFi)
On Tue, 2005-02-01 at 19:30 -0700, Donn Shumway wrote:
> George,
> I have been experimenting with Wifi on Linux for a few weeks and I
> have to say I have not had much success (with anything faster than
> 802.11b with WEP). However, regarding security, my typical steps for
> securing the connection are:
> 1) Use WPA-PSK minimum for encryption. If you're on Linux, this may
> not be possible, so use WEP 128-bit.
> 2) Set the router's MAC address filtering to only accepts known MAC
> addresses and deny all others.
> 3) Do not broadcast your SSID.
> 4) Change the name of your router. A lot of manufacturers put the
> router model name in this field, like my Linksys WRT54G. There's no
> sense telling anyone who does find your network what model your using.
>
> I am not an expert, but this has worked pretty well for all the
> wireless routers I have setup.
>
> Does anyone else have any suggestions?
---
of course but he should declare where and how secure.

WEP isn't very secure
WPA-PSK is better
a VPN tunnel is even better but you have to set the wireless AP up so it
denies traffic access to the LAN otherwise - tough for someone to do.

If you choose Donn's suggestions above - implement one step at a time
and make sure your wireless can get there so you aren't chasing all
possible problems at once...

i.e.
start with open - no encryption - and connect
stop ssid broadcast and then connect
start MAC address filtering and connect
add WEP encryption keys and connect
add WPA-PSK encryption keys and connect (WPA not supported on 802.11b -
need 802.11g)

only at last point can you feel as though you have some semblance of
security (wonder how long it will take to break WPA-PSK?) Breaking WEP
keys is reportedly a few minutes.

If this is a business - I figure the only safe thing to do is to put
wireless access on outside of LAN firewall so they can access internet
and only access LAN via VPN connection.

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: odd mouse scrollbar behaviorRe: vi cheat sheet->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)